Skip to main content

More Info:

Web ACL rule group should have certain defined set of rule groups: AWS Managed IP reputation List AWS Managed Anonymous IP List AWS Managed core ruleset AWS Managed Known Bad Input List AWS Managed SQLI Ruleset AWS Managed Linux Ruleset AWS Managed Admin Protection Ruleset

Risk Level

High

Address

Security

Compliance Standards

CBP

Triage and Remediation

  • Remediation

Remediation

Using Console

Here are the step-by-step instructions on how to remediate this misconfiguration:
  1. Sign in to the AWS Management Console and open the AWS WAF console at https://console.aws.amazon.com/wafv2/.
  2. In the navigation pane, choose “WebACLs”.
  3. Choose the WebACL that you want to add a rule to.
  4. In the Rules section, choose “Add rules”.
  5. In the Add rule window, choose “Create rule”.
  6. In the Rule builder section, for Name, type a name for your rule.
  7. For If a request, choose “Matches the statement”.
  8. For Statement, choose the type of statement that you want to use. For this scenario, you can choose “IP address” and specify the IP addresses that you want to allow or block.
  9. For Action, choose “Block” to block requests that match the statement, or “Allow” to allow requests that match the statement.
  10. Choose “Add to WebACL” to add the rule to your WebACL.
  11. After you’ve added all the rules that you want, choose “Create”.
  12. In the WebACL, for Default action, choose “Block” to block all requests that don’t match any rules, or “Allow” to allow all requests that don’t match any rules.
  13. Choose “Save” to save your changes.
Remember to test your new rules with non-production traffic. After you’re confident that your rules are working as expected, you can apply them to your production traffic.
To remediate this misconfiguration, you need to add a new rule to your AWS WAF WebACL. Here are the steps to do this using the AWS CLI:
  1. Identify your WebACL: First, you need to identify the WebACL that you want to update. You can do this by running the following command: 
    aws waf list-web-acls --scope REGIONAL
    This will return a list of all your WebACLs. Note down the ID of the WebACL you want to update.
  2. Create a WAF rule: Next, you need to create a new WAF rule that provides the basic protection you want. For example, you might want to create a rule that blocks IP addresses that are known to be sources of DDoS attacks. Here’s how you can do this: 
    aws waf create-rule --name "BlockBadIPs" --metric-name "BlockBadIPs" --change-token $(aws waf get-change-token --query 'ChangeToken' --output text) --region us-west-2
    This command creates a new rule named “BlockBadIPs”. The --change-token parameter is required for all WAF operations that change the service. The get-change-token command retrieves a change token that you can use in your command. Replace --region with your region.
  3. Add the rule to your WebACL: Once you have created the rule, you can add it to your WebACL with the following command: 
    aws waf update-web-acl --web-acl-id <Your-WebACL-ID> --change-token $(aws waf get-change-token --query 'ChangeToken' --output text) --updates Action="INSERT" ActivatedRule={Priority=0,RuleId="<Your-Rule-ID>",Action={Type="BLOCK"}} --region us-west-2
    Replace <Your-WebACL-ID> with the ID of your WebACL and <Your-Rule-ID> with the ID of the rule you just created. Again, replace --region with your region.
  4. Verify the change: Finally, you can verify that the rule has been added to your WebACL by running the following command: 
    aws waf get-web-acl --web-acl-id <Your-WebACL-ID> --region us-west-2
    This will return the details of your WebACL, including the rules that it contains. You should see the rule you just added in the list.
Remember to replace all placeholders with your actual IDs and region.
To remediate this misconfiguration, you need to create a basic rule for AWS WAF (Web Application Firewall) WebACLs (Access Control Lists). This can be done using the AWS SDK for Python (Boto3). Here are the step-by-step instructions:
  1. Install AWS SDK for Python (Boto3): If you haven’t installed Boto3, you can install it using pip: 
    pip install boto3
  2. Configure AWS Credentials: You need to configure your AWS credentials. You can configure them by using the AWS CLI (Command Line Interface): 
    aws configure
    You will be prompted to provide your AWS Access Key ID and Secret Access Key, which you can get from your AWS Management Console.
  3. Create a Basic Rule: Now, you can create a basic rule for your WebACL using Boto3. Here is a basic example: 
    import boto3

client = boto3.client('waf')

response = client.create_rule(
    Name='BasicRule',
    MetricName='BasicRule',
    ChangeToken='string',
    Predicates=[
        {
            'Negated': False,
            'Type': 'IPMatch',
            'DataId': 'string'
        },
    ]
)
    In this example, we are creating a rule that blocks requests from specific IP addresses. You need to replace 'string' in ChangeToken and DataId with your own values. ChangeToken is a value returned by a previous call to get a change token, and DataId is the ID of the IPSet that you want to use in the rule.
  4. Add the Rule to a WebACL: After creating the rule, you need to add it to a WebACL. Here is how you can do it: 
    response = client.update_web_acl(
    WebACLId='string',
    ChangeToken='string',
    Updates=[
        {
            'Action': 'INSERT',
            'ActivatedRule': {
                'Priority': 123,
                'RuleId': 'string',
                'Action': {
                    'Type': 'BLOCK'
                },
            }
        },
    ],
    DefaultAction={
        'Type': 'ALLOW'
    }
)
    In this example, you need to replace 'string' in WebACLId, ChangeToken, and RuleId with your own values. WebACLId is the ID of the WebACL that you want to update, ChangeToken is the same as before, and RuleId is the ID of the rule that you created before.
Please note that these are basic examples. Depending on your specific needs, you may need to customize these scripts. Always refer to the official AWS Boto3 documentation for more detailed information.
I